Chapter 1 Flashcards
Use Case
Describes a goal than an organization wants to achieve.
Actors
A person
Precondition
Must occur before the process can start
Trigger
Starts the use case
Postcondition
Occurs after the actor triggers the process
Normal Flow
Lists each step in specific order
Confidentiality
Prevents the unauthorized disclosure of data
Encryption
Scrambles data to make it unreadable
PII
Personally Identifiable Information
Access Controls
Identification, authentication, and authorization.
Identification
User claimed identity
Authentication
Users prove their identity
Authorization
Grant or restrict access to resources after authentication.
Steganography
Hiding data within data
Obfuscation
METHOD to attempt to make something unclear or difficult.
Integrity
Provides assurances that data has not changed.
Hashing
A number created by an algorithm against data to ensure integrity.
Hashing Algorithms
Message Digest 5 (MD5), Secure Hash Algorithm (SHA), and Hash-based Message Authentication Code (HMAC)
MAC (NIC)
Media Access Control
MAC (Mandatory)
Mandatory Access Control
MAC (Message)
Message authentication code
Digital Signature
Provides authentication and non-repudiation
Non-repudiation
Verifies the user. Non-deniable.
Availability
Indicates that data and services are available when needed.
Redundancy
Adds duplication to critical systems and provide fault tolerance.
Fault Tolorance
Allows services to continue without interruption in the case of a fault.
Disk redundancies
Fault-tolerant disks, such as RAID-1, RAID-5, and RAID-10.
Server redundancies
Failover clusters ensure a service will continue to operate, even if a server fails.
Load balancing
Uses multiple servers to support a single service
Site redundancies
If a site can no longer function due to a disaster, such as a fire, flood, hurricane, or earthquake, the organization can move critical systems to an alternate site.
Risk
is the possibility or likelihood of a threat exploiting a vulnerability resulting in a loss.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
Threat
any circumstance or event that has the potential to compromise confidentiality, integrity, or availability.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
Vulnerability
is a weakness.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
Security Incident
an adverse event or series of events that can negatively affect the confidentiality, integrity, or availability of an organization’s information technology (IT) systems and data.
Gibson, Darril. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide . Kindle Edition.
Risk mitigation
Reduces the changes that a threat will exploit a vulnerability.